2011 PlayStation Network Outage
The 2011 PlayStation Network outage was the result of an "external intrusion" on Sony's PlayStation Network and Qriocity services, in which personal details from approximately 77 million accounts were compromised and prevented users of PlayStation 3 and PlayStation Portable consoles from accessing the service. The attack occurred between April 17 and April 19, 2011, forcing Sony to turn off the PlayStation Network on April 20. On May 4 Sony confirmed that personally identifiable information from each of the 77 million accounts had been exposed.The outage lasted 23 days. At the time of the outage, with a count of 77 million registered PlayStation Network accounts, it was one of the largest data security breaches in history. It surpassed the 2007 TJX hack which affected 45 million customers. Government officials in various countries voiced concern over the theft and Sony's one-week delay before warning its users. Sony stated on April 26 that it was attempting to get online services running "within a week. On May 14, Sony released PlayStation 3 firmware version 3.61 as a security patch. The firmware required users to change their password upon signing in. At the time the firmware was released, the network was still offline. Regional restoration was announced by Kazuo Hirai in a video from Sony. A map of regional restoration and the network within the United States was shared as the service was coming back online. Timeline On April 20, 2011, Sony acknowledged that on the official PlayStation Blog that it was "aware certain functions of the PlayStation Network" were down. Upon attempting to sign in via the PlayStation 3, users received a message indicating that the network was "undergoing maintenance".The following day, Sony asked its customers for patience while the cause of outage was investigated and stated that it may take "a full day or two" to get the service fully functional again. The company later announced an "external intrusion" had affected the PlayStation Network and Qriocity services. This intrusion occurred between April 17 and April 19. On April 20, Sony suspended all PlayStation Network and Qriocity services worldwide. Sony expressed their regrets for the downtime and called the task of repairing the system "time-consuming" but would lead to a stronger network infrastructure and additional security. On April 25, Sony spokesman Patrick Seybold reiterated on the PlayStation Blog that fixing and enhancing the network was a "time intensive" process with no estimated time of completion. However, the next day Sony stated that there was a "clear path to have PlayStation Network and Qriocity systems back online", with some services expected to be restored within a week. Furthermore, Sony acknowledged the "compromise of personal information as a result of an illegal intrusion on our systems." On May 1 Sony announced a "Welcome Back" program for customers affected by the outage. The company also confirmed that some PSN and Qriocity services would be available during the first week of May. The list of services expected to become available included: On May 2 Sony issued a press release, according to which the Sony Online Entertainment (SOE) services had been taken offline for maintenance due to potentially related activities during the initial criminal hack. Over 12,000 credit card numbers, albeit in encrypted form, from non-U.S. cardholders and additional information from 24.7 million SOE accounts may have been accessed. During the week, Sony sent a letter to the US House of Representatives, answering questions and concerns about the event. In the letter Sony announced that they would be providing Identity Theft insurance policies in the amount of US$1 million per user of the PlayStation Network and Qriocity services, despite no reports of credit card fraud being indicated. This was later confirmed on the PlayStation Blog, where it was announced that the service, AllClear ID Plus powered by Debix, would be available to users in the United States free for 12 months, and would include Internet surveillance, complete identity repair in the event of theft and a $1 million identity theft insurance policy for each user. On May 6 Sony stated they had begun "final stages of internal testing" for the PlayStation Network, which had been rebuilt. However, the following day Sony reported that they would not be able to bring services back online within the one-week timeframe given on May 1, because "the extent of the attack on Sony Online Entertainment servers" had not been known at the time. SOE confirmed on their Twitter account that their games would not be available until sometime after the weekend. Reuters began reporting the event as "the biggest Internet security break-in ever". A Sony spokesperson said: * Sony had removed the personal details of 2,500 people stolen by hackers and posted on a website * The data included names and some addresses, which were in a database created in 2001 * No date had been fixed for the restart On May 14 various services began coming back online on a country-by-country basis, starting with North America. These services included: sign-in for PSN and Qriocity services (including password resetting), online game-play on PS3 and PSP, playback of rental video content, Music Unlimited service (PS3 and PC), access to third party services (such as Netflix, Hulu, Vudu and MLB.tv), friends list, chat functionality and PlayStation Home. The actions came with a firmware update for the PS3, version 3.61. As of May 15 service in Japan and East Asia had not yet been approved. On May 18 SOE shut down the password reset page on their site following the discovery of another exploit that allowed users to reset other users' passwords, using the other user's email address and date of birth. Sign-in using PSN details to various other Sony websites was also disabled, but console sign-ins were not affected. On May 23 Sony stated that the outage costs were $171 million.